[Bug-gnulib] Bug#211477: patch for m4 "translit" buffer overrun that breaks autoreconf+gnulib

[Paul Eggert]

Package: m4
Version: 1.4-16
Severity: important

When building programs that use recent versions of gnulib, I have run
into problems looked like this when I invoke autoreconf on my Debian
GNU/Linux box:

configure.ac:102: warning: gl_CHECK_HEADER_uisd_h is m4_require'd but is not 
m4\_defun'd

That 'gl_CHECK_HEADER_uisd_h' should be 'gl_CHECK_HEADER_unistd_h',
but m4 trashed the identifier.

I debugged m4 and tracked it down to the following buffer overrun in
the implementation of m4's `translit' primitive.  Because of the
nature of this bug, it is intermittent; it will happen on some
installations and not others, depending on how memory happens to be
laid out.  I don't know whether this buffer overrun is security
relevant, since I don't know which Debian programs use `m4' as root
(sendmail perhaps?).

This fix has already been in the m4 upstream for several years.

I'm CC'ing this fix to bug-gnulib and bug-autoconf, so that the gnulib
and autoconf developers know about the issue.  I'm reporting this
problem for m4 1.4-16 (unstable), but the same bug occurs in 1.4-14
(stable) and 1.4-15 (testing) as well.

Here's the fix:

  * Propagate `translit' buffer-overrun patch from upstream.

diff -pru m4_1.4-16/src/builtin.c m4_1.4-16-fix/src/builtin.c
--- m4_1.4-16/src/builtin.c     Wed Sep 17 16:01:02 2003
+++ m4_1.4-16-fix/src/builtin.c Wed Sep 17 16:02:44 2003
@@ -1386,7 +1386,11 @@ expand_ranges (const char *s, struct obs
        {
          to = *++s;
          if (to == '\0')
-           obstack_1grow (obs, '-'); /* trailing dash */
+           {
+              /* trailing dash */
+              obstack_1grow (obs, '-');
+              break;
+           }
          else if (from <= to)
            {
              while (from++ < to)